Security standards (ISO 27000 series)

This is meant to be a short reference on the current state of the 27000 series. There are numerous standards on different requirements of , and I think it is useful to put them somewhere.

In any case, you can take a look at the ISO "official site": http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=45306&published=on

The status of each standard is coded using a set of identified acronyms, which are:

  • 1.PWI = Preliminary Work Item – initial feasibility and scoping activities
  • 2.NP = New Proposal (or study period) – formal scoping phase
  • 3.WD = Working Draft (1st WD, 2nd WD etc.) – development phase
  • 4.CD = Committee Draft (1st CD, 2nd CD etc.) – quality control phase
  • 5.FCD = Final Committee Draft – ready for final approval.
  • 6.DIS = Draft International Standard – nearly there. Stage 40.
  • 7.FDIS = Final Draft or Distribution International Standard – just about ready to publish. Stage 50.
  • 8.IS = International Standard – published. Stage 60.
  • 9. Under revision. Stage 90.

The current status of the international framework of 27000 standards is:

  • ISO/IEC FCD 27000.
    Information technology — Security techniques — Information security management systems — Overview and vocabulary. Stage:40.99
  • ISO/IEC 27001:2005.
    Information technology — Security techniques — Information security management systems — Requirements. Stage:60.60
  • ISO/IEC 27002:2005
    Information technology — Security techniques — Code of practice for information security management. Stage:90.92
  • ISO/IEC FCD 27003
    Information technology — Information security management system implementation guidance. Stage:40.20
  • ISO/IEC FCD 27004.2
    Information technology — Security techniques — Information security management — Measurement. Stage:40.20
  • ISO/IEC 27005:2008
    Information technology — Security techniques — Information security risk management. Stage:60.60
  • ISO/IEC 27006:2007
    Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems. Stage:60.60
  • ISO/IEC WD 27007
    Guidelines for Information security management systems auditing. Stage:20.60
  • ISO/IEC FDIS 27011
    Information technology — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002. Stage:50.60
  • ISO/IEC NP 27012
    Information technology — Security techniques — ISM guidelines for e-government services. Stage:10.99
  • ISO/IEC NP 27032
    Guidelines for cybersecurity. Stage:10.99
  • ISO/IEC NP 27033
    Information technology — IT Network security. Stage:10.99
  • ISO/IEC CD 27033-1
    Information technology — Security techniques — IT network security — Part 1: Guidelines for network security. Stage:30.60
  • ISO/IEC WD 27033-2
    Information technology — Security techniques — IT network security — Part 2: Guidelines for the design and implementation of network security. Stage:20.60
  • ISO/IEC WD 27033-3
    Information technology — Security techniques — IT network security — Part 3: Reference networking scenarios — Risks, design techniques and control issues. Stage:20.60
  • ISO/IEC NP 27033-4
    Information technology — Security techniques — IT network security — Part 4: Securing communications between networks using security gateways — Risks, design techniques and control issues. Stage:10.99
  • ISO/IEC NP 27033-5
    Information technology — Security techniques — IT network security — Part 5: Securing Remote Access — Risks, design techniques and control issues. Stage:10.99
  • ISO/IEC NP 27033-6
    Information technology — Security techniques — IT network security — Part 6: Securing communications across networks using Virtual Private Networks (VPNs) — Risks, design techniques and control issues. Stage:10.99
  • ISO/IEC NP 27033-7
    Information technology — Security techniques — IT network security — Part 7: Guidelines for securing (specific networking technology topic heading(s) to be inserted) — Risks, design techniques and control issues. Stage:10.99
  • ISO/IEC NP 27034
    Guidelines for application security. Stage:10.99
  • ISO/IEC NP 27037
    Information technology — Security techniques — on Information security management: Sector to sector interworking and communications for industry and government. Stage:10.99

Source: sgsi-iso27001.blogspot.com.
